[Full-disclosure] cryptsetup can't destroy last key of a LUKS partition under Ubuntu/Debian



Hello everyone,

I noticed last week that the Debian packaged version of cryptsetup has a
little limitation, which could be a security issue for people who have to
destroy their data forever.

It is impossible to destroy a keyslot when you used it to unlock the master
key.

I reported the bug to Debian (etch and lenny are affected as far as I tested):
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=513596
and to Ubuntu (tested on hardy):
https://bugs.launchpad.net/cryptsetup/+bug/324871

It's not a major security problem, but people who were planning to run
'cryptsetup luksDelKey /dev/sda1 0' on their installation when the police
come to wake them up should be advised that it won't work out of the box.

Cheers,


Pierre Dinh-van

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/